Pix_R
2 years agoLevel 5
Data Insight - CVE-2022-42889 vulnerability in Apache Commons Text, dubbed "Text4Shell"
Is DI vulnerable to the newly disclosed vulnerability?
This is not log4shell and is a new disclosure.
Thank you
Pix
Data Insight does not use the mentioned module in the Apache Commons Text library. Hence DI is not impacted by this Remote Code Execution (RCE) vulnerability. However, we always recommend customers go with the latest DI version upgrade, as it contains security upgrades and fixes. Please reach out to your support engineer for more details and an official response.
I often refrain from commenting on the issues here, which have "Open\In-progress" veritas support cases under investigation, but this was important.